Apr-28-2005 02:38pm Frcra-I 5 RECP 

AMENDMENT TO THE CLAIMS 



2129407049 



T-204 P. 004/01 3 F-788 



1. (original): A router provided on a boundary between the Jmeraet and an intranet and 
used for receiving an incoming first packet and then passing on said first packet to a destination 
router indicated by a destination address of said first packet* said router comprising: 

a decapsulation unit for carrying out a process of decapsulating said first packet 
into a second packet in the case of said first packet including a predetermined address specified 
as said destination address; 

a first judgment unit for forming a judgment as to whether or not a user 
transmitting said first packet is an authorized user, 

a second judgment unit for forming a judgment as to whether or not the present 
time is within a time range allowed for said user transmitting said first packet; and 

a third judgment unit for fonning a judgment as to whether or not said second 
packet obtained as a result of said process of decapsulating said first packet is allowed to pass 
through said intranet on the basis of a result of said judgment formed by said first judgment unit 
and a result of said judgment formed by said second judgment unit. 

2. (original): A router used for receiving an incoming packet and then passing on said 
packet to a destination router indicated by a destination address of said packet, said router 
comprising: 

a first judgment unit for forming a judgment as to whether or not the present time 
is within a time range open to a user transmitting said packet; 

a second judgment unit for comparing a distance to said destination address along 
a route to be traveled by said packet by way of a predetermined network with a distance to said 
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destination address along a route to be traveled by said packet by way of the Internet only 
without passing through said predetermined network; 

a third judgment unit for forming a judgment as to whether to pass on said packet 
to said destination address along said route passing through said predetermined network or said 
route by way of said Internet only without passing through said predetermined network on the 
basis of a result of said judgment formed by said first judgment unit and a result of said judgment 
formed by said second judgment unit; and 

an encapsulation unit which is used for creating an encapsulated packet by adding 
an encapsulation header destined for said predetermined network to said packet in case a result 
of said judgment formed by said third judgment unit indicates that said packet is to be passed on 
to said destination address by way of said predetermined network. 

3.(original): A router according to claim I wherein: 

said router further has a message-transmitting unit for transmitting an open- 
network message to a second router transmitting said first packet; and 

said third judgment unit does not lee said second packet obtained as a result of 
decapsulation of said first packet pass through said intranet prior to transmission of said open- 
network message. 

^(original): A router according to claim 1 wherein: 

said router further has a message-transmitting unit for transmitting a blocked- 
network message to a second router transmitting said first packet; and 
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said third judgment unit does not let said second packet obtained as a result of 
decapsulation of said first packet pass through said intranet after transmission of said blocked- 
network message. 

5. (cancelled) 

6. (original): A router according to claim 2 wherein said second judgment unit compares 
a distance to a destination address of a packet along a route to be traveled by said packet by way 
of a predetermined network witb a distance to said destination address along a route to be 
traveled by said packet by way of the Internet only without passing through said predetermined 
network on the basis of distance information stored in a first table. 

7. (original): A router according to claim 2 wherein said encapsulation unit creates an 
encapsulated packet by adding an encapsulation header stored in a second table. 

8. (original): A router according to claim 6 wherein said distance information stored in 
said first table is obtained as a result of comparison of the first number of domains to be traveled 
to reach a predetermined router in said predetermined network with the second number of 
domains to be traveled to reach a destination address by communications with an a4jacent router. 

9. (original): A router according to claim 2 wherein: 

said router further has a message-receiving unit for receiving an open-network- 
message from said predetermined network; and 
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said third judgment unit transmits a packet by way of the Internet only without 
transmitting the packet by way of said predetermined network prior to reception of said open- 
network message. 

1 O.(original): A router according to claim 2 wherein: 

said router further has a message-receiving unit for receiving a blocked-network- 
message from said predetermined network; and 

said third judgment unit transmits a packet by way of the Internet only without 
transmitting the packet by way of said predetermined network after reception of said blocked- 
network message. 

1 1 .(original): A router according to claim 2 wherein: 

said router further has an operation-verifying unit for verifying operations of a 
plurality of other routers in said predetermined network; and 

said encapsulation unit creates an encapsuia^d packet including an additional 
encapsulation header destined for one of said other routers with a normal operation verified by 
said operation-verifying unit. 

l2.(origmal): A router according to claim I wherein: 

said router further has a first table for storing a user category indicating whether a 
user transmitting a packet is a preferentially treated user or an ordinary user and storing an open- 
' network time range for a user transmitting a packet indicated as an ordinary user by said user 

category for each source address; 
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said router further has a founh judgment unit for forming a judgment as to 
whether a user transmitting a packet is a preferentially treated user or an ordinary user on the 
basis of said user category stored in said first table for a source address of said packet; and 

said third judgment unit lets a second packet originated by a user judged by said 
fourth judgment unit to be a preferentially treated user pass through said intranet without regard 
to said open-network time range. 

1 3. (original): A communication network comprising the Internet, an intranet including a 
first boundary router connected to said Internet and a user network including a second boundary 
router connected to said Internet wherein: 

said first boundary router includes: 

a decapsulation unit for carrying out a process of decapsulating a first packet into 
a second packet in the case of said first packet including a predetermined address specified as a 
destination address; 

a first judgment unit for forming a judgment as to whether or not a user 
transmitting said first packet is an authorized user; 

a second judgment unit for fanning a judgment as to whether or not the present 
time is within a time range allowed for said user transmitting said first packet; and 

a third judgment unit for forming a judgment as to whether or not said second 
packet obtained as a result of said process of decapsulating said first packet is allowed to pass 
through said intranet on the basis of a result of said judgment formed by said first judgment unit 
and a result of said judgment formed by said second judgment unit; whereas 

said second boundary router includes: 
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a fourth judgment unit for forming a judgment as to whether or not the present 
time is within a time range open to a user transmitting a third packet; 

a fifth judgment unit for comparing a distance to a destination address of said 
third packet along a toute to be traveled by said third packet by way of said intranet with a 
distance to said destination address along a route to be traveled by said third packet by way of 
the Internet only without passing through said intranet; 

a sixth judgment unit for forming a judgment as to whether to pass on said third 
packet to said destination address along said route passing through said intranet or said route by 
way of said Internet only without passing through said intranet on the basis of a result of said 
judgment formed by said fourth judgment unit and a result of said judgment formed by said fifth 
judgment unit; and 

an encapsulation unit which is used for creating an encapsulated packet by adding 
an encapsulation header destined for said first boundary router to said third packet in case a 
result of said judgment formed by said sixth judgment unit indicates that said third packet is to 
be passed on to said destination address by way of said intranet, 

l4-(new): A communication network comprising: 

a first edge node included in a user network for encapsulating a packet and 
transmitting an encapsulated packet; and 

a second edge node included in an intranet for decapsulating said encapsulated 
packet and forming a judgment as to whether or not a decapsulated packet is allowed to transmit 
to an internet after passing through said intranet on the basis of a table of authorized users in a 
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** 

case where a first user having a destination address of a packet transmitted from a second user 
included in said user network is not included in said intranet. 

1 5.(new): A communication method comprising: 

encapsulating a packet and transmitting an encapsulated packet by a first edge 
node included in an user network; 

decapsulating said encapsulated packet by a second edge node included in an 

intranet; and 

forming a judgment as to whether or not a decapsuiated packet is allowed to 
transmit to an internet after passing through said intranet on the basis of table of authorized users 
in a case where a first user having a destination of address of a packet transmitted from a second 
user included in said user network is not included in said intranet by said second edge node. 
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